Title
Software Security Testing via Misuse Case Modeling
Abstract
Software security testing is an important technique for discovering software vulnerabilities that violate security requirements. Existing security testing methods, however, seldom generate security tests directly from security requirements specifications. To address this issue, this paper presents an approach for constructing security test models from the artifacts of misuse case modeling (i.e., use/misuse cases and mitigation use cases), which is a popular method for security requirements specification in the software development process. The security test models can then be used to automatically generate security tests, which consist of test inputs (normal behaviors from use cases and attack actions from misuse cases) and test oracles from mitigation use cases. We have applied the approach to two case studies. One case study demonstrates that the proposed approach can build security test models in a structured fashion such that the generated security tests are as effective as reported in the literature. The second case study applies the proposed approach to an ongoing software development project. The security tests have revealed at least 24 vulnerabilities, and are very helpful for the development team to improve the security of the software implementation. This demonstrates that the proposed approach is effective in the software development process.
Year: 2017
DOI: 10.1109/DASC-PICom-DataCom-CyberSciTec.2017.98
Venue: 2017 IEEE 15th Intl Conf on Dependable, Autonomic and Secure Computing, 15th Intl Conf on Pervasive Intelligence and Computing, 3rd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress (DASC/PiCom/DataCom/CyberSciTech)
Keywords: security testing, software security, use case, misuse case, mitigation use case, modeling
Field: Security testing, Use case, Misuse case, Unified Modeling Language, Software engineering, Computer science, Software security assurance, Software development process, Software requirements specification, Software development
DocType: Conference
ISBN: 978-1-5386-1957-5
Citations: 0
PageRank: 0.34
References: 9
Authors: 2

Authors (Name / Order / Citations / PageRank)
Samer Khamaiseh / 1 / 0 / 1.01
Dianxiang Xu / 2 / 790 / 73.83